Fix wrong admin check

Patrick Jentsch 2023-05-09 15:32:09 +02:00
parent 91e42d6d92
commit 595bda98ef


@ -12,7 +12,7 @@ def get_user(user_hashid, backrefs=False, relationships=False):
user = User.query.get(user_id) user = User.query.get(user_id)
if user is None: if user is None:
return {'status': 404, 'statusText': 'Not found'} return {'status': 404, 'statusText': 'Not found'}
if not (user == current_user or current_user.is_administrator): if not (user == current_user or current_user.is_administrator()):
return {'status': 403, 'statusText': 'Forbidden'} return {'status': 403, 'statusText': 'Forbidden'}
return { return {
'body': user.to_json_serializeable( 'body': user.to_json_serializeable(
@ -24,25 +24,6 @@ def get_user(user_hashid, backrefs=False, relationships=False):
} }
# @socketio.on('GET /users/<user_id>')
# @socketio_login_required
# def get_user(user_hashid):
# user_id = hashids.decode(user_hashid)
# user = User.query.get(user_id)
# if user is None:
# return {'options': {'status': 404, 'statusText': 'Not found'}}
# if not (user == current_user or current_user.is_administrator):
# return {'options': {'status': 403, 'statusText': 'Forbidden'}}
# return {
# 'body': user.to_json_serializable2(),
# 'options': {
# 'status': 200,
# 'statusText': 'OK',
# 'headers': {'Content-Type: application/json'}
# }
# }
@socketio.on('SUBSCRIBE /users/<user_id>') @socketio.on('SUBSCRIBE /users/<user_id>')
@socketio_login_required @socketio_login_required
def subscribe_user(user_hashid): def subscribe_user(user_hashid):
@ -50,7 +31,7 @@ def subscribe_user(user_hashid):
user = User.query.get(user_id) user = User.query.get(user_id)
if user is None: if user is None:
return {'status': 404, 'statusText': 'Not found'} return {'status': 404, 'statusText': 'Not found'}
if not (user == current_user or current_user.is_administrator): if not (user == current_user or current_user.is_administrator()):
return {'status': 403, 'statusText': 'Forbidden'} return {'status': 403, 'statusText': 'Forbidden'}
join_room(f'/users/{user.hashid}') join_room(f'/users/{user.hashid}')
return {'status': 200, 'statusText': 'OK'} return {'status': 200, 'statusText': 'OK'}
@ -63,7 +44,36 @@ def unsubscribe_user(user_hashid):
user = User.query.get(user_id) user = User.query.get(user_id)
if user is None: if user is None:
return {'status': 404, 'statusText': 'Not found'} return {'status': 404, 'statusText': 'Not found'}
if not (user == current_user or current_user.is_administrator): if not (user == current_user or current_user.is_administrator()):
return {'status': 403, 'statusText': 'Forbidden'} return {'status': 403, 'statusText': 'Forbidden'}
leave_room(f'/users/{user.hashid}') leave_room(f'/users/{user.hashid}')
return {'status': 200, 'statusText': 'OK'} return {'status': 200, 'statusText': 'OK'}
# @socketio.on('GET User')
# @socketio_login_required
# def n_get_user(user_hashid):
# # This constructs a JSON response which can easily be converted to a Response object
# # Ref: https://developer.mozilla.org/en-US/docs/Web/API/Response/Response
# user_id = hashids.decode(user_hashid)
# user = User.query.get(user_id)
# if user is None:
# return {'options': {'status': 404, 'statusText': 'Not found'}}
# if not (user == current_user or current_user.is_administrator()):
# return {'options': {'status': 403, 'statusText': 'Forbidden'}}
# body = {
# 'id': user.hashid,
# # ...
# 'relationships': {
# 'corpora': {corpus.hashid for corpus in user.corpora},
# 'jobs': [job.hashid for job in user.jobs]
# }
# }
# return {
# 'body': user.to_json_serializable(),
# 'options': {
# 'status': 200,
# 'statusText': 'OK',
# 'headers': {'Content-Type: application/json'}
# }
# }
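Review bot: The owner-or-admin guard is still copied verbatim into get_user, subscribe_user and unsubscribe_user, and again in the commented-out n_get_user added at the end of the file, so the same call-versus-attribute slip can return in any one copy. Before this fix the uncalled bound method was always truthy, which made the 403 branch unreachable for every logged-in user. Consider moving the check into one helper, for example `def _may_access(user): return user == current_user or current_user.is_administrator()`, and adding a regression test that a non-admin requesting another user's hashid gets status 403. The 27 commented-out lines add no behaviour and would be better dropped than committed. All three handlers begin outside the visible hunks, so whether the result of hashids.decode is validated before User.query.get cannot be confirmed from this page.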